
U.S. Joins International Action Against RedLine and META Infostealers

RedLine and META Infostealers stole information from millions of victims around the world; U.S. complaint charges developer and administrator; U.S. law enforcement seizes infrastructure.

October 29, 2024

“AUSTIN, Texas – The Department of Justice joined the Netherlands, Belgium, Eurojust and other partners in announcing an international disruption effort against the current version of RedLine Infostealer, one of the most prevalent infostealers in the world that has targeted millions of victim computers, and the closely-related META Infostealer.”

“The Justice Department, FBI, Naval Criminal Investigative Service, IRS Criminal Investigation, Defense Criminal Investigative Service, and Army Criminal Investigation Division joined international partners in the Joint Cybercrime Action Taskforce (‘JCAT’) Operation Magnus (supported by Europol) to seize domains, servers, and Telegram accounts used by the RedLine and META administrators to disrupt the operations of the infostealers.”

“International authorities have created a website at www.operation-magnus.com with additional resources for the public and potential victims.”

“Infostealers are a prevalent form of malware used to steal sensitive information from victims’ computers including usernames and passwords, financial information, system information, cookies, and cryptocurrency accounts. The stolen information—referred to as ‘logs’—is sold on cybercrime forums and used for further fraudulent activity and other hacks. RedLine has been used to conduct intrusions against major corporations. RedLine and META infostealers can also enable cyber criminals to bypass multi-factor authentication (MFA) through the theft of authentication cookies and other system information.”

“RedLine and META are sold through a decentralized Malware as a Service (‘MaaS’) model where affiliates purchase a license to use the malware, and then launch their own campaigns to infect their intended victims. The malware is distributed to victims using malvertising, e-mail phishing, fraudulent software downloads, and malicious software sideloading. Various schemes, including COVID-19 and Windows update related ruses have been used to trick victims into downloading the malware. The malware is advertised for sale on cybercrime forums and through Telegram channels that offer customer support and software updates. RedLine and META have infected millions of computers worldwide and, by some estimates, RedLine is one of the top malware variants in the world.”

“Through various investigative steps, law enforcement has collected victim log data stolen from computers infected with RedLine and META. While an exact number has not been finalized, agents have identified millions of unique credentials (usernames and passwords), email addresses, bank accounts, cryptocurrency addresses, credit card numbers, etc. The United States does not believe it is in possession of all the stolen data and continues to investigate.”

“The Department has unsealed a warrant issued in the Western District of Texas that authorized law enforcement to seize two domains used by RedLine and META for command and control.” (Source: US Department of Justice)
